Hacker News new | past | comments | ask | show | jobs | submit login

To be fair, it’s easier and more convenient to just tell the user to download their own app than having to set up any other 2FA service.

Authentication has been a solved problem for decades but no bank is going to ask the general public to use their SSH keys.




The question is whether something standard like TOTP is also offered as an option (regardless of how "dark-patterny" it is to get to the option --- I've seen services that will heavily push their own app, but if you look carefully you'll see TOTP too, often disguised as "Google Authenticator" or something else that doesn't explicitly say TOTP but actually is.)

Authentication has been a solved problem for decades but no bank is going to ask the general public to use their SSH keys.

Nor ask them to put their smartcard in the reader, although many banks will already have given one to their customers...


British banks issued EMV card readers and used them for authentication from around 2005 to 2010, 2015-ish.

It looks like some still provide this to customers who can't use other methods.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: